content/code-security/reference/supply-chain-security/java-package-metadata-dependabot.md
9 additions & 10 deletions
Original file line number
Diff line number
Diff line change
@@ -1,7 +1,7 @@
1
1
---
2
-
title: Optimizing Java packages for Dependabot updates
3
-
intro: By including metadata in your `pom.xml` file, you can enhance the information available to users in {% data variables.product.prodname_dependabot%} pull requests to update your Java packages.
4
-
shortTitle: Optimize Java packages
2
+
title: Java package metadata for Dependabot updates
3
+
intro: Include metadata in your `pom.xml` file to provide helpful links and context in {% data variables.product.prodname_dependabot%} pull requests for Java package updates.
{% data variables.product.prodname_dependabot %} uses the information defined in `pom.xml` files to create pull requests to update Java dependencies for the Gradle and Maven ecosystems. When you include the project metadata that {% data variables.product.prodname_dependabot %} expects, pull requests contain links to the release notes for the suggested package update and a link where users can report any issues. This information means that users can update their packages with confidence after reviewing all the release information.
20
+
{% data variables.product.prodname_dependabot %} uses the `url`, `scm`, and `issueManagement` fields in `pom.xml` files to create pull requests for Java dependency updates. When you include this metadata, pull requests will contain links to release notes and issue trackers, helping users update packages with confidence.
20
21
21
-
## Including the metadata {% data variables.product.prodname_dependabot %} needs in pom.xml files
22
+
## Metadata that {% data variables.product.prodname_dependabot %} needs in pom.xml files
22
23
23
24
{% data variables.product.prodname_dependabot %} uses the URLs for the project, the source code management system, and the issue management system to build the summary for update pull requests.
24
25
25
-
*`url` the home page for the project, see[More Project Information](https://maven.apache.org/pom.html#More_Project_Information) in the POM reference
26
-
*`scm` the URL of the source code management system used by the project, see[SCM](https://maven.apache.org/pom.html#scm) in the POM Reference
27
-
*`issueManagement` the URL of the issue management system used by the project, see[Issue Management](https://maven.apache.org/pom.html#issue-management) in the POM Reference
26
+
*`url`: The home page for the project. See[More Project Information](https://maven.apache.org/pom.html#More_Project_Information) in the POM reference
27
+
*`scm`: The URL of the source code management system used by the project. See[SCM](https://maven.apache.org/pom.html#scm) in the POM Reference
28
+
*`issueManagement`: The URL of the issue management system used by the project. See[Issue Management](https://maven.apache.org/pom.html#issue-management) in the POM Referencex
28
29
29
30
### Example for a project hosted on {% data variables.product.github %}
30
31
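Review bot: The added `issueManagement` bullet ends in "POM Referencex"; drop the stray "x". While touching these three bullets, make them consistent: the `url` bullet says "POM reference" while the other two say "POM Reference", and none of them ends its second sentence with a period now that each bullet is two sentences. The rewritten introductory paragraph also no longer mentions that this applies to the Gradle and Maven ecosystems, which the removed paragraph stated; keep that scope in the new wording if it still holds.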
@@ -40,8 +41,6 @@ contentType: how-tos
40
41
</project>
41
42
```
42
43
43
-
Replace `OWNER` and `REPOSITORY` with the detailed for your project.
44
-
45
44
## Impact of omitting project metadata from pom.xml files
46
45
47
46
If you forget to include the URLs that {% data variables.product.prodname_dependabot %} checks for, then pull requests to update Java packages are still created. However, the information available to users in the pull request summary will be limited.
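Review bot: Deleting the "Replace `OWNER` and `REPOSITORY` ..." sentence after the example's closing fence leaves those placeholders unexplained if the example (not visible in this hunk) still uses them. The removed sentence had a typo ("detailed" for "details"); consider keeping it with that fixed instead of dropping it, or confirm in the description that the example no longer contains placeholders.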